Security update for python-python-gnupg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0143-1 Final 1 1 2019-03-23T10:54:32Z current 2019-03-23T10:54:32Z 2019-03-23T10:54:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-python-gnupg This update for python-python-gnupg to version 0.4.4 fixes the following issues: Security issue fixed: - CVE-2019-6690: Added a check to disallow certain control characters ('\r', '\n', NUL) in passphrases (boo#1123498). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-143 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html E-Mail link for openSUSE-SU-2019:0143-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1123498 SUSE Bug 1123498 https://www.suse.com/security/cve/CVE-2019-6690/ SUSE CVE CVE-2019-6690 page openSUSE Leap 15.0 python2-python-gnupg-0.4.4-lp150.2.6.1 python3-python-gnupg-0.4.4-lp150.2.6.1 python2-python-gnupg-0.4.4-lp150.2.6.1 as a component of openSUSE Leap 15.0 python3-python-gnupg-0.4.4-lp150.2.6.1 as a component of openSUSE Leap 15.0 python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. CVE-2019-6690 openSUSE Leap 15.0:python2-python-gnupg-0.4.4-lp150.2.6.1 openSUSE Leap 15.0:python3-python-gnupg-0.4.4-lp150.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html https://www.suse.com/security/cve/CVE-2019-6690.html CVE-2019-6690 https://bugzilla.suse.com/1123498 SUSE Bug 1123498